<?php
ifi!$_GET['cmd'])
{ 
	if(!perms_check('comments', 'edit') and !perms_check('comments', 'del'))
	{
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	SQLvalidate($_GET['rec']);
	if(!$_GET['rec'])
		$_GET['rec']=0;

	//sort
	$fields=array('id', 'title', 'text', 'date', 'what', 'nick', 'ip');

	//sort
	if($_GET['sort']!='ASC' && $_GET['sort'] != 'DESC')
		$_GET['sort']='DESC';
	if(!$_GET['sortby'] or !in_array($_GET['sortby'], $fields))
		$_GET['sortby']='id';
	if($_GET['sort']=='ASC')
		$sortnext='DESC';
	else
		$sortnext='ASC';
	//
	$db = new dbquery;
	$db->query("SELECT * FROM $conf[prefix]comments WHERE visible=1") or $db->err(__FILE__, __LINE__);
	$q=$db->num_rows();

	$page_link=split_to_pages('<a href="index.php?module=admin&action=comments&sortby='.$_GET['sortby'].'&sort='.$_GET['sort'].'&amp;rec={rec}">{nr}</a>', $conf['admin_per_page'], $q, $_GET['rec']);

	$content = string_template(read_file('admin/themes/comments_header.php'), array('page_link' => $page_link, 'sortnext'=>$sortnext));

	$db->query("SELECT * FROM $conf[prefix]comments WHERE visible=1 ORDER by $_GET[sortby] $_GET[sort] LIMIT $_GET[rec], $conf[admin_per_page]") or $db->err(__FILE__, __LINE__); 
	while($d=$db->fetch_object())
	{
		$i++;
		if($i>2)
			$i=1;

		if(is_numeric($d->who)) {
			$author=get_user_overlib_by_id($d->who);
		}
		else
			$author=$d->who;

		$url='index.php?module='.$d->what.'&id='.$d->whatid.'&lang='.$d->lang;

		$content .= string_template(read_file('admin/themes/comments_item.php'), array("id" => $d->id, "title" => read_text_rest($d->title), "text" => strip_exbcode(read_text_comments(add_dots($d->text, 150))), "date" => date($conf['date_format'], strtotime($d->date)), "nick" => $author, "ip" => $d->ip, "what" => $d->what, "whatid" => $d->whatid, "url"=>$url,  "i" => $i));
	}

	$content .= string_template(read_file('admin/themes/comments_footer.php'), array('page_link' => $page_link));
}
elseif($_GET['cmd']=='moderate')
{ 
	if(!perms_check('comments', 'edit') and !perms_check('comments', 'del'))
	{
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	SQLvalidate($_GET['rec']);
	if(!$_GET['rec'])
		$_GET['rec']=0;

	//sort
	$fields=array('id', 'title', 'text', 'date', 'what', 'nick', 'ip', 'what');

	//sort
	if($_GET['sort']!='ASC' && $_GET['sort'] != 'DESC')
		$_GET['sort']='DESC';
	if(!$_GET['sortby'] or !in_array($_GET['sortby'], $fields))
		$_GET['sortby']='id';
	if($_GET['sort']=='ASC')
		$sortnext='DESC';
	else
		$sortnext='ASC';
	//

	$db = new dbquery;
	$db->query("SELECT * FROM $conf[prefix]comments WHERE visible=0") or $db->err(__FILE__, __LINE__);
	$q=$db->num_rows();

	$page_link=split_to_pages('<a href="index.php?module=admin&action=comments&cmd=moderate&sortby='.$_GET['sortby'].'&sort='.$_GET['sort'].'&amp;rec={rec}">{nr}</a>', $conf['admin_per_page'], $q, $_GET['rec']);

	$content = string_template(read_file('admin/themes/comments_header.php'), array('page_link' => $page_link, 'sortnext'=>$sortnext));

	$db->query("SELECT * FROM $conf[prefix]comments WHERE visible=0 ORDER by $_GET[sortby] $_GET[sort] LIMIT $_GET[rec], $conf[admin_per_page]") or $db->err(__FILE__, __LINE__); 
	while($d=$db->fetch_object())
	{
		$i++;
		if($i>2)
			$i=1;

		if(is_numeric($d->who)) {
			$author=get_user_overlib_by_id($d->who);
		}
		else
			$author=$d->who;

		$url='index.php?module='.$d->what.'&id='.$d->whatid;

		$content .= string_template(read_file('admin/themes/comments_item.php'), array("id" => $d->id, "title" => read_text_rest($d->title), "text" => add_dots(strip_exbcode($d->text), 150), "date" => date($conf['date_format'], strtotime($d->date)), "nick" => $author, "ip" => $d->ip, "what" => $d->what, "whatid" => $d->whatid, "url"=>$url, "durl"=>urlencode($url.'#cmts'),  "i" => $i));
	}

	$content .= string_template(read_file('admin/themes/comments_footer.php'), array('page_link' => $page_link));
}
elseif($_GET['cmd']=='edit')
{
	if(!perms_check('comments', 'edit'))
	{
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	SQLvalidate($_GET['id']);  
	$db->query("SELECT * FROM $conf[prefix]comments WHERE id=$_GET[id]") or $db->err(__FILE__, __LINE__);

	//sprawdzanie czy komantarz istnieje
	if($db->num_rows()==0)
	{
		redirect('index.php?module=admin&action=comments');
		exit;
	}
	//

	$d=$db->fetch_object();
	$d->text=read_text_edit($d->text);

	$registered=true;
	if(!is_numeric($d->who))
		$registered=false;

	$content = string_template(read_file('admin/themes/comments_edit_form.php'), array('theme_path'=>$GLOBALS['theme_path'], 'function' => 'comment_edit', 'who' => $d->who, 'id'=>$d->id, 'mail' => $d->mail, 'date' => $d->date, 'text_content' => $d->text, 'title_content'=>read_text_rest($d->title), 'ip' => $d->ip));
}
elseif($_GET['cmd']=='really_delete')
{
	if(!perms_check('comments', 'del'))
	{
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	SQLvalidate($_GET['id']);
	$db->query("SELECT * FROM $conf[prefix]comments WHERE id=$_GET[id]") or $db->err(__FILE__, __LINE__);

	//sprawdzanie czy komentarz istnieje
	if($db->num_rows()==0)
	{
		redirect('index.php?module=admin&action=comments');
		exit;
	}
	//

	$d=$db->fetch_object();

	$what=read_text_rest($d->title);
	$yes='<input type="button" onClick="javascript:location.href=\'index.php?module=comments&function=comment_delete&id='.$_GET['id'].'&whatid='.$_GET['whatid'].'&amp;what='.$d->what.'\'" value="'.$lang['yes'].'" class="button">';
	$no='<input type="button" onClick="javascript:history.go(-1);" value="'.$lang['no'].'" class="button">';

	$content=string_template($lang['admin_really_delete'], array('what'=>$what, 'yes'=>$yes, 'no'=>$no));
}
elseif($_GET['cmd']=='really_multi')
{
	SQLvalidate($_GET['id']);
	if($_GET['id'])
		$_POST['ids']=array($_GET['id']);

	if(!is_array($_POST['ids'])) {
		redirect($_SESSION['redirect_2']);
		exit;
	}

	$ids_='';
	foreach($_POST['ids'] as $id_) {
		$ids_.='<input type="hidden" value="'.$id_.'" name="ids[]" />';
	}
	if($_GET['url'])
		$url_='<input type="hidden" value="'.urldecode($_GET['url']).'" name="url" />';

	$yes='<form action="index.php?module=comments&function=comments_multi_'.$_GET['what'].'&amp;update='.$_GET['update'].'" method="post">'.$ids_.$url_.'<input type="submit" value="'.$lang['yes'].'" class="button" />';
	$no='<input type="button" onClick="javascript:history.go(-1);" value="'.$lang['no'].'" class="button"> </form>';

	$content=string_template($lang['admin_really'], array('yes'=>$yes, 'no'=>$no));
}

$content=string_template(read_file('middle.php'), array('theme_path' => $GLOBALS['theme_path'], 'content' => $content, 'description' => $lang['comments_comment']));
//
?>
